Bump rand_core from 0.6.4 to 0.10.0 in /rust_crypto #7
Bumps [rand_core](https://github.com/rust-random/rand_core) from 0.6.4 to 0.10.0.
- [Release notes](https://github.com/rust-random/rand_core/releases)
- [Changelog](https://github.com/rust-random/rand_core/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand_core@v0.6.4...v0.10.0)
---
updated-dependencies:
- dependency-name: rand_core
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
Codecov Report
✅ All modified and coverable lines are covered by tests.
📢 Thoughts on this report? Let us know!
Closing: superseded by grouped Dependabot configuration. Future Rust dependency updates will be batched together in a single PR.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
The CHANGELOG "Repository organisation" entry on this branch
moved several files (stray test_*.{py,js} → scripts/dev/, package
_archive → top-level archive/). Three CI gates that hadn't run
since before the org sweep (gated behind the now-fixed Preflight
job) tripped on stale path references.
## Gate 1a - `tests/test_cat_js_runner.py`
`test_cat_binary.js` and `test_cat_5speeds.js` were moved from
repo root to `scripts/dev/` but the pytest wrapper still pointed
at the root. Update both `subprocess.run(...)` invocations to the
new location via a `JS_DIR = ROOT/scripts/dev` constant.
`scripts/dev/test_cat_5speeds.js` itself also broke - it had
relative requires `./web_demo/...` that worked from repo root
but resolve against the file's own directory under Node, so
moved to `scripts/dev/web_demo/...` which doesn't exist. Fix in
the .js file: compute `REPO_ROOT = __dirname/../..` and resolve
the `web_demo/*.js` modules from there. Verified locally:
`node scripts/dev/test_cat_5speeds.js` → 31/31 passed across all
5 speeds (0xfe94cfab, 0xe084eb3f, 0x3c44130e, 0x8af607d5,
0xc7e4644a session IDs).
## Gate 1b - `tests/test_production_boundary.py::test_testonly_dir_exists`
The test checked for `_testonly` at two locations:
    meow_decoder/_testonly/
    meow_decoder/_archive/_testonly/
But the package-internal `_archive/` was moved to top-level
`archive/` in the gemini #7 surface-area-minimisation work
(CHANGELOG entry 2026-05-03 "Repository organisation"). The new
location is `archive/_testonly/`. Add it to the candidate list;
keep the original two for backwards compatibility. Also improve
the failure message to print every path tried.
## Gate 2 - `tests/test_cat_mode_golden.html`
The headless-Chrome Selenium test loaded the page but the page
hung in `pending` status (Selenium 120s timeout). The HTML
references six scripts at `../examples/*.js`:
    cat-mode-protocol.js
    preamble-calibration.js
    nrz-decoder.js
    quality-metrics.js
    adaptive-threshold.js
    hysteresis.js
None of those exist under `examples/` - they live in `web_demo/`.
That's been true since commit 0ca9cb3 ("Remove Cat Mode from
public repo, add .gitignore for web_demo") long before this
branch; the test page was just never run because Preflight gated
it. Switch all six `<script src>` tags to `../web_demo/*.js`.
## Verification
* `pytest tests/test_cat_js_runner.py -v` → 2/2 passed locally.
* `pytest tests/test_production_boundary.py::TestProductionBoundary::test_testonly_dir_exists -v` → passed.
* `node scripts/dev/test_cat_5speeds.js` → 31/31 pipeline passed,
  5 unique session IDs.
* `node scripts/dev/test_cat_binary.js` → 13/13 passed (was
  already passing once the path lookup was fixed).
* Cannot run headless Chrome locally, but the script paths are
  verified to exist under `web_demo/` and the relative path from
  `tests/` resolves correctly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
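The Gate 2 failure described in the commit message above (six `<script src>` tags pointing at files that do not exist) can be caught by a filesystem check that needs no browser. The following is an added example, not code from the repository: `missing_script_sources` is a hypothetical helper that resolves every local script reference relative to the page and returns the ones that are absent, and the directory layout built in `demo` is constructed.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlsplit

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def missing_script_sources(html_path):
    """Return local <script src> values that do not resolve to a file."""
    html_path = Path(html_path)
    collector = ScriptSrcCollector()
    collector.feed(html_path.read_text(encoding="utf-8"))
    missing = []
    for src in collector.sources:
        parts = urlsplit(src)
        if parts.scheme or parts.netloc:
            continue  # remote script: out of scope for a filesystem check
        # Resolve relative to the page's own directory, as a browser would.
        target = (html_path.parent / parts.path).resolve()
        if not target.is_file():
            missing.append(src)
    return missing

def demo():
    """Constructed layout: scripts exist under web_demo/, not examples/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tests").mkdir()
        (root / "web_demo").mkdir()
        names = ["cat-mode-protocol.js", "nrz-decoder.js"]
        for name in names:
            (root / "web_demo" / name).write_text("// constructed stub\n")
        results = {}
        for folder in ("examples", "web_demo"):
            page = root / "tests" / f"page_{folder}.html"
            page.write_text("".join(f'<script src="../{folder}/{n}"></script>\n' for n in names))
            results[folder] = missing_script_sources(page)
        return results
```

Run as a plain pytest assertion, a check like this fails in milliseconds with the list of unresolved paths instead of waiting out a 120s Selenium timeout.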
…t surfaces (gemini #7)
Surface-area minimization survey of top-level dirs. Keeps tooling focused on current production code; reduces noise from generated / historical / packaging dirs that are not part of the live security boundary.
.gitignore
- Add `test-results/` and `playwright-report/` (Playwright runner output). One stale tracked file removed (`test-results/.last-run.json`).
pyproject.toml [tool.bandit]
- Expand exclude_dirs from 6 entries to 16. Adds `htmlcov`, `test-results`, `playwright-report`, `releases`, `build`, `dist`, `.pytest_cache`, `.hypothesis`, `.mypy_cache`. None of these contain executable production code; including them in scans produces noise without security signal.
pyproject.toml [tool.pytest.ini_options]
- Expand norecursedirs to match the bandit exclusions. pytest already only walks `testpaths = ["tests"]`, so this is belt-and-suspenders against `pytest <dir>` invocations.
Survey notes (not actioned - flagged for user judgment):
- `releases/android/*.apk` - two 60 MB APKs are tracked (116 MB total). The README's install path links to the in-tree raw URL, so removing them needs a coordinated migration to GitHub Releases or Git LFS plus a README link update. Not a unilateral change.
- `examples/crypto_core_bg.wasm` (273 KB) - built artifact, not source. Used in-tree by the example HTML pages. Could be regenerated by `scripts/build_wasm.sh`. Same story: removing it breaks a documented entry path.
- Other dirs (`assets/`, `formal/`, `examples/` source files, `fuzz/`, `scripts/`) are correctly tracked as part of the active workspace and were not touched.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…nk fix, fountain reassessment, HW test matrix
Four-in-one doc commit closing the long-tail items from gemini_suggetions.md. No code changes.
1. APK install-path migration (flagged from gemini #7 survey):
   - README.md, mobile/README.md, docs/ROADMAP.md, QUICKSTART.md all linked to v3.2.2 APK that does not exist (only v3.2.0 and v3.2.1 are tracked, no APKs are on GitHub Releases). Updated all four to link to v3.2.1 with a note that future APKs move to GitHub Releases / Play Store.
   - .gitignore: `releases/android/*.apk` added so future APKs are not committed. Existing tracked APKs are unaffected (gitignore does not retroactively untrack).
2. crypto_core_bg.wasm tracking documented (flagged from gemini #7):
   - docs/SURFACE_AREA_MINIMIZATION.md gains a "Tracked Build Artifacts and Sideload Assets" section explaining why the WASM (×3 copies) is intentionally tracked, how to regenerate it (`scripts/build_wasm.sh`), when to update it. Same section also covers the APK retention/migration story end-to-end.
3. gemini #6 (fountain Rust+WASM unification) closed:
   - docs/FOUNTAIN_RUST_WASM_MIGRATION.md Phase 4 reassessed 2026-05-05: items 1 (Python LT fallback) and 2 (JS LT fallback) were misclassified as "deferred deletion" - they are intentional load-bearing fallbacks for environments without meow_crypto_rs / WASM. Item 4 (PROTOCOL.md doc) is satisfied by §6 already documenting the on-wire droplet layout. Phase 4 is closed; the migration is shipped.
   - gemini_suggetions.md item 6 verdict updated to "closed".
4. gemini #2 (HSM hardware-path doc audit) addressed:
   - docs/HARDWARE_TEST_MATRIX.md (new) - honestly enumerates what's covered by mock providers in CI vs. what still needs real-hardware validation (SoftHSM2, swtpm, YubiKey 5, etc.). Per-device rows the maintainer can fill in as devices are exercised. Cross-references the closed audit findings (6.2, 6.3, 6.6, 7.1, 12.6) and the open cryptographer-review item on the tss-esapi `Context::create()` SensitiveData slot.
   - gemini_suggetions.md item 2 verdict updated to point at the new test matrix.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps rand_core from 0.6.4 to 0.10.0.
Release notes
Sourced from rand_core's releases.
... (truncated)
Changelog
Sourced from rand_core's changelog.
... (truncated)
Commits
- 0ce22c9 Prepare 0.10.0 (#64)
- a20120c Remove CryptoGenerator and Generator::drop; add BlockRng::clear (#69)
- f9763d8 Add deprecated `RngCore`/`TryRngCore` forwarding traits (#70)
- ae88096 Update license year (#67)
- 5de0732 Tweak `UnwrapErr` impl (#66)
- 9eb6381 Tweak doc links (#65)
- 5864683 Remove outdated comment (#62)
- f5e3b45 Move `SeedableRng` and `UnwrapErr` into separate modules (#63)
- e591ff2 Release v0.10.0-rc-6 (#61)
- 423ca87 Enable lints in Cargo.toml (#60)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)